World Backup Day – Ransomware …

One of the scarier trends in cybercrime is ransomware: criminals infect your workstation or network with software that can encrypt your files. You, the victim, then have to choose whether or not to pay the ransom to get the decryptor tool. No one wants to be in this position.

78% of people claim to be aware
of the risks of unknown links
in email, but choose to click anyway.

The best defense to ransomware is a solid security infrastructure that includes comprehensive email, web, application, and network protection. Since users are our last line of defense and almost always our weakest link, you'll need to include user training and ongoing reinforcement of security awareness. No security strategy is complete without that.

Research has repeatedly shown that the businesses most likely to recovery from ransomware are those with solid data protection and disaster recovery plans in place. At a minimum, this means we follow the 3-2-1 rule: three copies of your data (including the original), two backup copies of your data kept in two different places, one of which is off-site. But there's more to consider here than just the data backups and where to keep them.

If you're reviewing or building a new backup strategy, here are a few things to consider:

Data or system state? If you backup your data, do you have what you need to restore your operating system, domain, applications, etc? A simple data backup can take less time to perform and save space on your backup storage, but you may have to manually reinstall your operating system and applications.

Application considerations: What roles do your applications perform? If you have several application servers running on-premises, you'll want to choose whether to backup all of them, or just those performing critical functions in the organization. Does your application generate dynamic data or is it a simple static configuration that can be protected with infrequent backups? Be sure to maintain documentation of your applications, version and patch levels, and any other data that you'll need should you have to restore.

What is your risk tolerance level? How long can the company remain offline between the time of an attack and the time that normal operations resume? The maximum time you are willing to accept is your Recovery Time Objective (RTO), and this is something that management and senior executives should decide or agree to when you propose the disaster recovery plan. When having this conversation, take care not to confuse this with the Recovery Point Objective (RPO), which is the amount of data you are willing to lose.

For example, you may have a Recovery Time Objective of 1 hour for your public facing website, because it's important that the public knows you are open for business. Your Recovery Point Objective for that website might 72 hours or more because the website data is easy to recreate or just not that valuable. In this case, the System Administrator would restore the website as soon as possible from a backup that might be several days old. Digging into scenarios like this will help you determine your data protection plan and get buy-in from others.

What's next?

As mentioned above, even companies with data protection in place can lose data in a ransomware attack. Comprehensive security has never been more important. However, a data backup is still your best hope to successfully recover from a ransomware attack. World Backup Day is a reminder to review your disaster recovery strategy and make a plan to plug any holes that you find.

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Search this site

Search this website

About Christine Barry

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.